x-api-key no longer being provided

[woodl3y]

Bug Report

Current Behavior

With the latest version v13.3.2 we're no longer being provided with an API key when running locally.

We see only the line Remember to use 'x-api-key' on the request headers. in the terminal, but no value for x-api-key is provided. Reverting back to v13.3.1 we do get the additional line Key with token: 'some-generated-token'

• file: serverless.yml

service: my-service
frameworkVersion: ">=3.0.0 <4.0.0"
provider:
  name: aws
  role: ${cf:my-service-resources-${opt:stage}.LambdaExecutionRole}
  runtime: nodejs18.x
  region: us-east-1
  versionFunctions: false
  apiGateway:
    apiKeys:
      - ${self:service}-${opt:stage}-internal

plugins:
  - serverless-offline
  - serverless-plugin-aws-alerts
  - serverless-domain-manager
  - serverless-sqs-plugin-alarms
  - serverless-logless-plugin
  - serverless-log-forwarding
  - serverless-plugin-cloudwatch-dashboard

functions:
  graphql:
    handler: src/graphql/index.handler
    memorySize: 512
    timeout: 20
    provisionedConcurrency: ${ssm:/${opt:stage}/my-service/config/PROVISIONED_CONCURRENCY}
    events:
      - http:
          path: graphql
          method: post
          cors: true
          private: true
      - http:
          path: graphql
          method: get
          cors: true
    alarms:
      - name: functionInvocations
        threshold: 3000
    tags:
      FunctionType: graphql_api

Expected behavior/code

When running locally using sls offline start -s some_stage we should be provided with a value for x-api-key. The following line should be printed to the terminal as before:

Key with token: 'some-token'

Environment

• serverless: v3.38.0
• serverless-offline: v13.3.2
• serverless-plugin-aws-alerts: v1.7.5
• serverless-domain-manager: v7.3.3
• serverless-sqs-plugin-alarms: v1.0.2
• serverless-logless-plugin: v0.0.2
• serverless-log-forwarding: v3.1.0
• serverless-plugin-cloudwatch-dashboard: v1.2.0
• node.js: v18.18.0

[raikkon88]

I encountered the same problem, and it's just after we upgraded from 13.3.1 to 13.3.2. We also had to downgrade to the previous version, I'm using node 20.9.0.

[nakshathru]

Facing similar issue with node 18x

[Deamon19]

Same, in 13.3.2 version after webpack building message Key with token: 'some generated api key hash' does not appear anymore

[ddbhagat]

This looks to be the BUG, I was checking their code,

serverless-offline/src/events/http/HttpServer.js

Line 469 in c85a192

if (!this.#apiKeysValues.has(apiKey)) {

I can see that there is a check for x-api-key but the master keySet doesnt have the required value. In my case when printed the whole key set, the only value that I see is [stage]-[lambda-name] . Eg. local-test-lambda-api

And now if I set the "x-api-key" to "local-test-lambda-api". THIS WORKS !!

Eventually the issue is with below piece of serverless.yml config

  apiGateway:
    apiKeys:
      - ${self:service}-${opt:stage}-internal

So If you declare any of apiKeys under api gateway, the automatically created x-api-key will not be shown at all. just remove this apiKeys section, start local and you can see that x-api-key is shown on startup.

I hope this may help someone as quickfix.
Other alternative is to use --noAuth with sls command, this will bypass the auth check alltogether.